Good IOS MDM (continue) – Testing and Troubleshooting Presented by: Jerry Wen 03/14/2012.

Good IOS MDM (continue) – Testing and Troubleshooting

Presented by: Jerry Wen

03/14/2012

©2011 Good Technology, Inc. All Rights Reserved. Company Confidential 2

IOS MDM Command Life Cycle – Flow Diagram

IOS MDM Command Life Cycle – troubleshooting process and logs analysis

MDM DB Query

Occasions where iOS MDM commands are invoked

Agenda


IOS MDM Command Life Cycle – Flow Diagram


2012-02-27 18:47:00.339 PST | INFO | 1_3123/53_2/55_10 | com.good.ws.SOAPLoggingHandler | log | client_webapps-qa.good.com_443_ws_ManageService Sending:<?xml version="1.0" encoding="UTF-8"?>

<processActionManageRequest xmlns="http://www.good.com/ManageService">

<GUID>373C7163-DBCF-40BC-898F-926407E9BAAE</GUID>

<action>DeviceLock</action>

</processActionManageRequest>

MDM Command process – GMC send command (EMF.log)


2012-02-27 18:47:01.777 PST | INFO | 1_3123/53_2/55_10 | com.good.emf.wf2.WFExecutorImpl | schedulePrepped | Submiting WFGroup of 1 first is com.good.emf.wf2.tx.QueryiOSMDMChanges@84dd5c after 30000 ms delay

MDM Command process – GMC query webapps periodically (EMF.log)


Webapps log: /appdist/jboss/E1/server/default/log/server.log

2012-02-27 18:47:01,471 | INFO | DM00000001.GMC-RWS2K3GMC_bizapps01-zone2.lab.good.com_184700_4333 | com.good.ws.ms.ManageServiceImpl | Received DeviceLock request for guid:373C7163-DBCF-40BC-898F-926407E9BAAE returning with task Id: 54113

MDM Command process – webapps got the MDM command


MDM command initiated in DB


PN service invoked


/appdist/webbatch/current/logs/process_pnservice/batch.log2012-02-27 18:47:38,072 [main] INFO com.good.batch.processors.APNSMessageSender - Processing handheld : 68160

2012-02-27 18:47:38,073 [main] INFO com.good.batch.processors.APNSMessageSender - token is: e25da68bb8f96388455c8c094257cc7ce7c98026dd1d37c41afd9fa88ff45717 Message is:{"mdm":"DE2263ED-9644-424A-9493-DA49EB2C7DA0"}

MDM Command process – PN service


The device log can be got by connecting device to IPCUFeb 28 10:47:40 unknown mdmd[3172] <Notice>: (Note ) MDM: mdmd starting...

Feb 28 10:47:41 unknown profiled[3173] <Notice>: (Note ) profiled: Service starting...

Feb 28 10:47:41 unknown mdmd[3172] <Notice>: (Note ) MDM: Polling MDM server https://webappsqa.good.com/cerebus/mdm for commands

Feb 28 10:47:41 unknown mdmd[3172] <Notice>: (Note ) MDM: Network reachability has changed.

Feb 28 10:47:41 unknown mdmd[3172] <Notice>: (Note ) MDM: Network reachability has changed.

Feb 28 10:47:43 unknown mdmd[3172] <Notice>: (Note ) MDM: Transaction completed. Status: 200

Feb 28 10:47:43 unknown mdmd[3172] <Notice>: (Note ) MDM: Attempting to perform MDM request: DeviceLock

Feb 28 10:47:43 unknown mdmd[3172] <Notice>: (Note ) MDM: Handling request type: DeviceLock

Feb 28 10:47:43 unknown mdmd[3172] <Notice>: (Note ) MDM: Command Status: Acknowledged

Feb 28 10:47:43 unknown mdmd[3172] <Notice>: (Note ) MDM: Transaction completed. Status: 200

Feb 28 10:47:43 unknown mdmd[3172] <Notice>: (Note ) MDM: Server has no commands for this device.

Feb 28 10:47:45 unknown mdmd[3172] <Notice>: (Note ) MDM: mdmd stopping...

MDM Command process – Device MDM command execution


Webapps log: /appdist/jboss/E1/server/default/log/server.log2012-02-27 18:47:43,172 | INFO | null_bizapps01-zone2.lab.good.com_184703_5082 | com.good.mdm.ios.MDMServer | <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"><plist version="1.0"><dict>

<key>CommandUUID</key> <string>54113</string> <key>Status</key><string>Acknowledged</string> <key>UDID</key> <string>

2012-02-27 18:47:43,201 | INFO | null_bizapps01-zone2.lab.good.com_184703_5082 | com.good.mdm.ios.MDMServer | Rec a message from the device, Udid : cdb25c885ee7bebb0e52ee146ad1257a3818ce10 messageType null status:Acknowledged

MDM Command process – Webapps server got MDM command Ack


2012-02-27 18:48:32.873 PST | INFO | 1_3123/53_2/55_10/57_3 | com.good.ws.SOAPLoggingHandler | log | client_webapps-qa.good.com_443_ws_ManageService Received:<?xml version="1.0" encoding="UTF-8"?>

<getManageDeviceChangesResponse xmlns="http://www.good.com/ManageService">

<tasks>

<GUID>373C7163-DBCF-40BC-898F-926407E9BAAE</GUID>

<task>DeviceLock</task>

<taskId>54113</taskId>

<taskStatus>COMPLETED</taskStatus>

<receivedDate>2012-02-28T02:47:01.000Z</receivedDate>

<updatedDate>2012-02-28T02:47:43.000Z</updatedDate>

</tasks>

<currentDate>2012-02-28T02:43:32.083Z</currentDate>

</getManageDeviceChangesResponse>

MDM Command process – GMC got the MDM command status from webapps (EMF.log)


Get your “System Identifier” from GMC -> handheld -> “Handheld Info”

Connect to Webapps DB using some DB Client tool

Get handheld GUID by running:select GMC_MANAGE_HANDHELD_ID from GMC_MANAGE_HANDHELD where handheld_guid = '373C7163-DBCF-40BC-898F-926407E9BAAE';

Query MDM command Queue and PN Services tablesselect * from MDM_GATEWAY_QUEUE where handheld_id = '68160' order by queue_id desc;

select * from PN_SERVICE_QUEUE where handheld_id = '68160' order by queue_id desc;

MDM DB Query


The pre-requisite is handheld applied with MDM Enabled policies

GMC queries an ios handheld when MDM profile installed

GMC Admin click “Refresh” button in an ios handheld page

GMC Admin switches “Data Roaming” in handhelds/handheld page

GMC Admin click action button from Handheld -> Security

GMC Admin adds managed apps to ios handheld’s policy

GMC Admin “Remove and uninstall” managed apps from ios handheld’s policy

GMC Admin removes a ‘managed’ ios application from “Customer software”

GMC Admin clicks “Uninstall” button for a Packaged Application in Handheld -> Applications page

GMC Admins update an ios handheld’s ios configuration settings in policy

Others – Like MDM Access Right change

When are IOS MDM Commands invoked?


Below info means MDM profile is removed from device2012-03-05 00:31:25,229 [main] INFO com.good.batch.processors.APNSMessageSender - No Token found for handheld68461

2012-03-05 00:31:25,230 [main] INFO com.good.batch.processors.APNSMessageSender - Processing handheld : 68461

FAQ -1 batch.log


Below info means Apple APNs reject our request. So far we have not got response from Apple Support.

2012-03-04 21:17:39,753 [main] INFO com.good.batch.processors.APNSMessageSender - Error while sending the message, will try again

javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:742)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)

at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:622)

at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)

at java.io.OutputStream.write(OutputStream.java:58)

at com.good.batch.processors.APNSMessageSender.send(APNSMessageSender.java:138)

at com.good.batch.processors.APNSMessageSender.pushMessages(APNSMessageSender.java:116)

at com.good.batch.processors.PNService.execute(PNService.java:84)

at com.good.batch.processors.BatchCommand.main(BatchCommand.java:18)

FAQ -2 batch.log


/appdist/jboss/E1/server/default/conf/log4j.xml<root>

<priority value="INFO"/>

<appender-ref ref="CONSOLE"/>

<appender-ref ref="FILE"/>

</root>

Webapps log level


What if I distribute paid apps to other devices via Good Enterprise?

The apps can be downloaded and “installed” on devices, while not able to run.

Answer for last session

Good IOS MDM (continue) – Testing and Troubleshooting Presented by: Jerry Wen 03/14/2012.

Documents

Transcript of Good IOS MDM (continue) – Testing and Troubleshooting Presented by: Jerry Wen 03/14/2012.